logrotate 不壓縮 /var/log/messages
隨著時間的推移,我注意到一些日誌,
/var/log例如auth,kern並且messages變得越來越大。我logrotate為他們做了條目:$ cat /etc/logrotate.d/auth.log /var/log/kern.log { rotate 5 daily } $ cat /etc/logrotate.d/kern.log /var/log/kern.log { rotate 5 daily } $ cat /etc/logrotate.d/messages /var/log/messages { rotate 5 daily postrotate /bin/killall -HUP syslogd endscript }我也
compress啟用了該選項:$ grep compress /etc/logrotate.conf # uncomment this if you want your log files compressed compress這適用於
auth.log和kern.log其他人,這意味著這些日誌中的每一個都被壓縮和旋轉,並保留了最後 5 天的日誌。/var/log/messages但是沒有被壓縮,導致日誌超過 5 天:$ ls /var/log/messages* /var/log/messages /var/log/messages-20100213 /var/log/messages-20100201 /var/log/messages-20100214 /var/log/messages-20100202 /var/log/messages-20100215 /var/log/messages-20100203 /var/log/messages-20100216 /var/log/messages-20100204 /var/log/messages-20100217 /var/log/messages-20100205 /var/log/messages-20100218 /var/log/messages-20100206 /var/log/messages-20100219 /var/log/messages-20100207 /var/log/messages-20100220 /var/log/messages-20100208 /var/log/messages-20100221 /var/log/messages-20100209 /var/log/messages-20100222 /var/log/messages-20100210 /var/log/messages-20100223 /var/log/messages-20100211 /var/log/messages-20100224 /var/log/messages-20100212正如在 ServerFault 上的另一個
logrotate問題中所解釋的那樣,舊日誌(很可能)不會被刪除,因為每個文件的文件結尾都不同。這似乎是因為文件沒有被壓縮。我可以做些什麼來
/var/log/messages壓縮和輪換保留最後 5 天的日誌,就像我的所有其他日誌文件一樣?我錯過了什麼?編輯1:前幾個答案中要求的附加資訊。
我正在執行 Gentoo Linux。我的
/etc/logrotate.conf文件:$ cat /etc/logrotate.conf # $Header: /var/cvsroot/gentoo-x86/app-admin/logrotate/files/logrotate.conf,v 1.3 2008/12/24 20:49:10 dang Exp $ # # Logrotate default configuration file for Gentoo Linux # # See "man logrotate" for details # rotate log files weekly weekly #daily # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log files compressed compress # packages can drop log rotation information into this directory include /etc/logrotate.d notifempty nomail noolddir # no packages own lastlog or wtmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 }
/etc/logrotate.d包含我上面提到的自定義配置文件以及這些軟體包安裝的 mysql、rsync 等配置。我的根
crontab是空的:$ sudo crontab -l no crontab for root我檢查了所有
/etc/cron.{daily,hourly,monthly,weekly}與 syslog 相關的內容,並且有一個腳本可以旋轉/var/log/syslog和/var/log/auth.log.接下來,我按照 CarpeNoctem 的建議製作了一個
/var/log/messages-onlylogrotate配置文件:$ cat logrotate-messages weekly rotate 4 create dateext compress notifempty nomail noolddir /var/log/messages { rotate 5 daily postrotate /bin/killall -HUP syslogd endscript }然後我
logrotate手動執行:$ logrotate -d logrotate-messages -f reading config file logrotate-messages reading config info for /var/log/messages Handling 1 logs rotating pattern: /var/log/messages forced from command line (5 rotations) empty log files are not rotated, old logs are removed considering log /var/log/messages log needs rotating rotating log /var/log/messages, log->rotateCount is 5 dateext suffix '-20100224' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' glob finding old rotated logs failed renaming /var/log/messages to /var/log/messages-20100224 creating new /var/log/messages mode = 0644 uid = 0 gid = 0 running postrotate script running script with arg /var/log/messages : " /bin/killall -HUP syslogd " compressing log with: /bin/gzip $ which gzip /bin/gzip $ file /bin/gzip /bin/gzip: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped根據上面
logrotate的日誌,用 /bin/gzip 壓縮了日誌,但是在/var/log. 此外,舊旋轉文件的通配失敗。編輯 2 :在將後綴附加到舊文件
logrotate後添加執行的調試輸出。.gz``/var/log/message-*我們開始:
$ ls /var/log/messages* /var/log/messages /var/log/messages-20100222.gz /var/log/messages-20100219.gz /var/log/messages-20100223.gz /var/log/messages-20100220.gz /var/log/messages-20100224.gz /var/log/messages-20100221.gz然後
logrotate使用我們的自定義配置文件執行:$ logrotate -d logrotate-messages -f reading config file logrotate-messages reading config info for /var/log/messages Handling 1 logs rotating pattern: /var/log/messages forced from command line (5 rotations) empty log files are not rotated, old logs are removed considering log /var/log/messages log needs rotating rotating log /var/log/messages, log->rotateCount is 5 dateext suffix '-20100224' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' removing /var/log/messages-20100219.gz removing old log /var/log/messages-20100219.gz destination /var/log/messages-20100224.gz already exists, skipping rotation這一次,
logrotate’s glob 成功並找到了第六個壓縮日誌文件,打算將其刪除。該文件實際上並未被刪除;我想那是因為我們在調試模式下執行。我很好奇啟用該
delaycompress選項是否/var/log/messages會有所幫助。我啟用了它,第二天早上會檢查結果。
添加
delaycompress到配置部分以/var/log/messages解決問題。來自
man logrotate:delaycompress Postpone compression of the previous log file to the next rota‐ tion cycle. This only has effect when used in combination with compress. It can be used when some program cannot be told to close its logfile and thus might continue writing to the previ‐ ous log file for some time.我想
sysklogd,我的 syslog 守護程序不能被告知關閉它的日誌文件,因此這是必要的。有趣的是,我的原始配置(沒有
delaycompress指令)直接來自man logrotate(除了我改為weekly)daily:# sample logrotate configuration file compress /var/log/messages { rotate 5 weekly postrotate /usr/bin/killall -HUP syslogd endscript }